Darlington: More Safety Related Issues

March 7, 2013 — David Jackson

Three more significant topics related to nuclear safety came up at the hearings.

The first concerns the population near the Darlington reactor complex. The higher the surrounding population the more impact an accident would have. The Darlington station is about 70 km from downtown Toronto. The Pickering Nuclear Generating Station with its six operating and two dormant reactors is even closer to Toronto. As I understand it, the plan is to extend the life of the four Pickering B reactors until around 2025 and then close down the two remaining Pickering A reactors at the same time. If this goes as planned, all the Pickering reactors would be shut down in twelve years. Significant nuclear activity including decommissioning and used fuel storage would still remain at Pickering but the potential for a reactor accident with far reaching consequences would disappear.
On the other hand the four Darlington reactors as refurbished will operate until 2060 and perhaps two more new build reactors will be added to bring the total to six. With Pickering closed down one might want to reconsider whether it is a good idea to build new reactors so close to the major population centre of southern Ontario or indeed whether the continued operation of the current Darlington reactors after refurbishment is a good idea. New reactors could be built at willing communities such as the Bruce site, in the upper Ottawa valley and Nanticoke on Lake Erie. Indeed, why not share the economic wealth that the boosters love so much? I know that this is not going to happen but I strongly suspect that if we had it to do all over again we’d keep the reactors as far away from large populations as possible.
A second issue concerns reactor operation when the safety systems are unavailable. According to the Darlington hearings presentation of the Canadian Coalition for Nuclear Responsibility (CCNR), a venerable ant-nuclear group, reactors are sometimes operated with one or more of the safety systems unavailable. Not only that but the CNSC (and its predecessor the AECB) used to annually publish “statistics” on the unavailability of the safety systems but no longer does so even though OPG still provides them to the CNSC. The CCNR wanted to see them published again.
This became a classic case of the miscommunications that plague the nuclear industry. The CCNR would have us believe that the operators would in effect say “Doesn’t matter if all the safety systems are working, let’s start up the reactor”. On the other side the CNSC and OPG vehemently denied that reactors are ever operated without any of the four main safety systems available. As usual the truth is somewhere in between. CANDU reactors can operate for weeks and months without ever shutting down. At various times during continuous operation the safety systems are tested and sometimes one or more are temporarily unavailable. The number and duration of such outages comprise the statistics in question. It seems that both sides of the issue deliberately chose to misunderstand each other. The original question (i.e. why doesn’t the CNSC still publish the statistics) was never answered.
A third issue is the multi-unit nature of the Darlington station. All four reactors share a common control room, a large cavernous room (“area zero” as I recall), with a separate console area for each reactor. This makes the control area very vulnerable to accidents and malevolent actions. Both the Three Mile Island and the Chernobyl reactors involved in the accidents were in multi-reactor clusters. In both cases the neighboring reactors undamaged by the accidents continued to operate for years afterward. The key was that the other reactors had their own control rooms isolated from the damaged reactors so that for example radiation in or damage to the control room of one didn’t affect the others. In the case of Fukushima four reactors were involved and the problem there was the whether the reactors could be remotely operated from a secondary control room. Multi-reactor/single control room issues are being reconsidered internationally. I feel that intuitively one would prefer a separate control room for each reactor which is not the case at Darlington.
As for malevolent acts I personally doubt, with no particular knowledge for believing so, that any armed terrorist gang would attempt to fight its way into the common control room area but if they were successful all four reactors would be in danger. The actions of mentally disturbed workers including those with drug or alcohol problems are more likely to be the source of attacks on the shared control room area. The CNSC has been discussing mandatory drug and alcohol testing of reactor operators but as far as I can determine no regulations are yet in place. The good news is that a cyber attack, a technique that has already been used against nuclear facilities elsewhere in the world, does not appear to distinguish between control room configurations. Various comments on these matters were made by intervenors but in this case it is clearly in everyone’s interests to keep all the details of security arrangements secret.
I believe the first and third of the above problem areas arose from an overly optimistic attitude to nuclear safety on the part of Darlington’s designers stemming from a desire to save money by minimizing transmission loses and by having the reactors share common facilities.